使用LDAP协议访问Active Directory用户属性值 [英] Access Active Directory Users Properties value using LDAP Protocol

问题描述

Hello Everyone，

我开发了C ++控件库，用于访问  Active Directory用户属性值，例如  名字， 最后
姓名， 帐户过期等。

但我在访问用户锁定时间（用户自动注销的时间）时遇到问题，那么请你帮我知道LDAP中的等价属性名称和
的值。

以下参考是访问AD用户的代码行属性值

TCHAR * condition = _T（" memberOf"）;

TCHAR * condition1 = _T（" accountExpires"）;

TCHAR * condition2 = _T（" badPwdCount"）;

TCHAR * condition3 = _T（"sn"）;

问候，

Rushali

解决方案

首先，锁定时间是因为密码尝试次数过多而导致用户帐户被锁定的日期时间。 AD属性是lockoutTime，但它是LargeInteger，一个64位整数，表示日期（以UTC为单位），自1601年1月1日凌晨12:00起100纳秒
的间隔数。这类似于lastLogon和pwdLastSet属性，必须在本地时区转换为日期时间值。

我不知道用户何时会自动注销的任何属性。 logonHours属性是一个字节数组，表示允许用户登录的一周中的小时数，但即使这样也不会记录用户。

编辑：一些引用：

https://support.microsoft。 com / zh-CN / help / 188768 / info-with-the-filetime-structure

https://blogs.msdn.microsoft.com/joshpoley/2007/12/19/datetime-formats-and-conversions/

此Wiki记录了许多LargeInteger AD属性，并描述了如何在PowerShell和VBScript中处理它们：

https://social.technet.microsoft.com/wiki/contents/articles /31135.active-directory-large-integer-attributes.aspx

Hello Everyone,

I have developed C++ control library for accessing the Active Directory Users Properties values such as First Name,Last Name,Account Expires, etc..

but i am facing problem while accessing the User lockout Time(The time at which users will automatically log off), so can you please help me to know the equivalent attribute name in LDAP and its value.

For reference below is the line of code to access the AD user's properties value

TCHAR *condition = _T("memberOf");
TCHAR *condition1 = _T("accountExpires");
TCHAR *condition2 = _T("badPwdCount");
TCHAR *condition3 = _T("sn");

Regards,

Rushali

解决方案

First, the lockout time is the datetime when the user account was locked out because of too many bad password attempts. The AD attribute is lockoutTime, but it is LargeInteger, a 64 bit integer representing dates (in UTC) as the number of 100-nanosecond intervals since 12:00 am January 1, 1601. This is similar to the lastLogon and pwdLastSet attributes, and must be converted into a datetime value in the local time zone.

I don't know of any attribute representing when users will automatically logoff. The logonHours attribute is a byte array representing the hours of the week when users are allowed to logon, but even this does not log users off.

Edit: Some references:

https://support.microsoft.com/en-us/help/188768/info-working-with-the-filetime-structure

https://blogs.msdn.microsoft.com/joshpoley/2007/12/19/datetime-formats-and-conversions/

And this Wiki documents many LargeInteger AD attributes, and describes how to handle them in PowerShell and VBScript:

https://social.technet.microsoft.com/wiki/contents/articles/31135.active-directory-large-integer-attributes.aspx

这篇关于使用LDAP协议访问Active Directory用户属性值的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！